Android
by Google
CVEs (4,715)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-20168 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A | ||
| CVE-2022-20151 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A | ||
| CVE-2021-39677 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2022 | In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028 | ||
| CVE-2021-1022 | Hig | 0.49 | 7.5 | 0.01 | Dec 15, 2021 | In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0925 | Hig | 0.49 | 7.5 | 0.01 | Dec 15, 2021 | In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed.… | ||
| CVE-2021-0555 | Hig | 0.49 | 7.5 | 0.01 | Jun 22, 2021 | In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2021-0517 | Hig | 0.49 | 7.5 | 0.01 | Jun 21, 2021 | In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no… | ||
| CVE-2021-0466 | Hig | 0.49 | 7.5 | 0.01 | Jun 11, 2021 | In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0431 | Hig | 0.49 | 7.5 | 0.02 | Apr 13, 2021 | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2021-0326 | Hig | 0.49 | 7.5 | 0.05 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not… | ||
| CVE-2020-27055 | Hig | 0.49 | 7.5 | 0.01 | Dec 15, 2020 | In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution… | ||
| CVE-2020-27024 | Hig | 0.49 | 7.5 | 0.01 | Dec 15, 2020 | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is… | ||
| CVE-2020-0460 | Hig | 0.49 | 7.5 | 0.01 | Dec 14, 2020 | In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0442 | Hig | 0.49 | 7.5 | 0.01 | Nov 10, 2020 | In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not… | ||
| CVE-2020-0441 | Hig | 0.49 | 7.5 | 0.01 | Nov 10, 2020 | In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0413 | Hig | 0.49 | 7.5 | 0.01 | Oct 14, 2020 | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0377 | Hig | 0.49 | 7.5 | 0.02 | Oct 14, 2020 | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0300 | Hig | 0.49 | 7.5 | 0.01 | Sep 18, 2020 | In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216 | ||
| CVE-2020-0286 | Hig | 0.49 | 7.5 | 0.01 | Sep 18, 2020 | In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:… | ||
| CVE-2020-0214 | Hig | 0.49 | 7.5 | 0.01 | Jun 11, 2020 | In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… |
- risk 0.49cvss 7.5epss 0.00
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A
- risk 0.49cvss 7.5epss 0.00
Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A
- risk 0.49cvss 7.5epss 0.00
In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028
- risk 0.49cvss 7.5epss 0.01
In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.49cvss 7.5epss 0.01
In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed.…
- risk 0.49cvss 7.5epss 0.01
In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.49cvss 7.5epss 0.01
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no…
- risk 0.49cvss 7.5epss 0.01
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.02
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.49cvss 7.5epss 0.05
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not…
- risk 0.49cvss 7.5epss 0.01
In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution…
- risk 0.49cvss 7.5epss 0.01
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is…
- risk 0.49cvss 7.5epss 0.01
In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.01
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not…
- risk 0.49cvss 7.5epss 0.01
In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.01
In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.02
In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for…
- risk 0.49cvss 7.5epss 0.01
In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216
- risk 0.49cvss 7.5epss 0.01
In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…
- risk 0.49cvss 7.5epss 0.01
In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
Page 116 of 236